CVE-2025-58325: 
FortiOS Schwachstellenanalyse und -minderung

An Incorrect Provision of Specified Functionality vulnerability (CVE-2025-58325) was discovered in FortiOS's CLI component. The vulnerability affects multiple versions of FortiOS including 7.6.0, 7.4.0 through 7.4.5, 7.2.5 through 7.2.10, 7.0.0 through 7.0.15, and all versions of 6.4. This security flaw was internally discovered by Francois Ropert from Fortinet's PSIRT team and was disclosed on October 14, 2025 (Fortinet PSIRT, NVD).

The vulnerability is classified under CWE-684 (Incorrect Provision of Specified Functionality) and received a CVSS v3.1 base score of 7.8 (High). The flaw exists in the FortiOS CLI component and enables local authenticated attackers with high privileges to execute arbitrary system commands through specially crafted CLI inputs that bypass existing security controls (GBHackers, Fortinet PSIRT).

If exploited, this vulnerability allows attackers with administrative access to execute unauthorized system commands, potentially leading to privilege escalation with changed scope. The impact could result in full control over the device, data exfiltration, or further network compromise (Cybersecurity News).

Fortinet has released patches to address this vulnerability. Organizations are advised to upgrade to FortiOS 7.6.1, 7.4.6, 7.2.11, or 7.0.16 depending on their current version branch. Users of FortiOS 6.4 should migrate to a fixed release as no patch is available for this end-of-life version. Fortinet recommends using their upgrade path tool for proper migration planning (Fortinet PSIRT).